That said, I'll for sure switch to P2Pool as soon as I have a better understanding.

It's actually quite simple. P2Pool creates a new block chain in which the difficulty adjusted so a new block is found every 10 seconds. So the blocks that get into the P2Pool block chain (called the "share chain") are the same blocks that would get into the Bitcoin block chain, only they have a lower difficulty target (currently around 200 vs. Bitcoin's ~1.4M). Whenever a peer announces a new share found (new block in the P2Pool block chain) it sends it around to the other peers, and the other peers verify that this block contains payouts for all the previous miners who found a share (and announced it) that made it into the P2Pool share chain. This continues until some peer finds a block that has a difficulty that meets the Bitcoin network's difficulty target. This peer announces this block to the Bitcoin network and miners who have submitted shares for this block are paid in the generation transaction of this block, proportionally to how many shares they have found since the last Bitcoin block was found.

Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.

Be careful with that. There's only one thing that's worse than getting hacked and getting your coins stolen, and that's punishing an innocent Bitcoin user.

If the thief uses one of those Bitcoin scramblers (where he sends his coins to a service that charges a fee, and sends back someone else's money to the thief) then we could be unjustly accusing some Silk Road user (or whoever might use such a service) for being a thief.

Also, if someone were to steal 10,000 BTC, he could just create 900 Bitcoin addresses for himself, send 10 BTC to each of these addresses and send the remaining 1000 BTC to publicly available Bitcoin addresses. We would then have no way of knowing which addresses belonged to the thief, and which were legimitate Bitcoin users who have published their address. Sacrificing 10% of the loot in order to avoid not being able to spend the coins seems like it would be worth it for a thief.

That said, I'll for sure switch to P2Pool as soon as I have a better understanding.

It's actually quite simple. [...] miners who have submitted shares for this block are paid in the generation transaction of this block, proportionally to how many shares they have found since the last Bitcoin block was found.

Each share contains a generation transaction that pays to the previous n shares, where n is the number of shares whose total work is equal to 3 times the average work required to solve a block, or 8640, whichever is smaller. Payouts are weighted based on the amount of work each share took to solve, which is proportional to the p2pool difficulty at that time.

Verification must be done at receive time. Ideally there should be a public black-list of addresses to be checked against before a transaction is confirmed.

I remember such ideas popped up when allinvain got his 25k BTCs stolen, but didn't follow.

Be careful with that. There's only one thing that's worse than getting hacked and getting your coins stolen, and that's punishing an innocent Bitcoin user.

If the thief uses one of those Bitcoin scramblers (where he sends his coins to a service that charges a fee, and sends back someone else's money to the thief) then we could be unjustly accusing some Silk Road user (or whoever might use such a service) for being a thief.

I remember watching a talk (guess it was http://www.youtube.com/watch?v=hlWyTqL1hFA) that proved that there is basically no anonymity with Bitcoins for the simple fact that the blockchain keeps track on any single transaction - forever. Remaining anonymous requires very precautious and continuous line of action, otherwise with the described methods one's addresses can be easily identified.

Those Bitcoin laundry services seem to be the only reliable method to cover the tracks to some degree. And like in real live, it is of questionable use -- the majority of their users might turn out not to be the typical Joe who wants to conceal his payments to porn sites.

Bitcoin does not claim to be anonymous at all, and like http://en.bitcoin.it/wiki/Anonymity#Legality suspects, Bitcoin laundry services are potentially illegal. Not all existing laws are bad, and in this case the community should consider avoiding such services. I even suppose that we need to accept transaction traceability by design, since irreversibility combined with anonymity won't work for too long.

Quote

Also, if someone were to steal 10,000 BTC, he could just create 900 Bitcoin addresses for himself, send 10 BTC to each of these addresses and send the remaining 1000 BTC to publicly available Bitcoin addresses. We would then have no way of knowing which addresses belonged to the thief, and which were legimitate Bitcoin users who have published their address. Sacrificing 10% of the loot in order to avoid not being able to spend the coins seems like it would be worth it for a thief.

Here I don't see the point. If one did those 900 transactions to new addresses, they are still visible and traceable from the blockchain. One could even set up some ping-pong or loop transaction scheme to move the BTCs between new addresses many times, but in the very end the BTCs need to be spent and as soon as the thief does a payment to someone checking the black-list, bad guy is bust.

This requires the black-list to be updated with each block and might turn out difficult to handle (DoS by spreading 100 stolen coins to 1 million addresses). Is this what your 10% sacrifice is meant for?

No. I have 10,000 stolen BTC. I divide it up into 1,000 lumps of 10 BTC. I send 100 of those lumps to 100 different donation addresses I collect from the forum, and the other 900 to 900 different new addresses I create for myself.

When I later spend one of those 10 BTC lumps and someone questions me about it, I say "I don't know who sent it to me - it just turned up one day", and checking the blockchain they can see that the same amount "just turned up" in lots of other well known addresses at the same time, lending evidence to my story that the thief just randomly distributed his ill-gotten gains to strangers.

No. I have 10,000 stolen BTC. I divide it up into 1,000 lumps of 10 BTC. I send 100 of those lumps to 100 different donation addresses I collect from the forum, and the other 900 to 900 different new addresses I create for myself.

When I later spend one of those 10 BTC lumps and someone questions me about it, I say "I don't know who sent it to me - it just turned up one day", and checking the blockchain they can see that the same amount "just turned up" in lots of other well known addresses at the same time, lending evidence to my story that the thief just randomly distributed his ill-gotten gains to strangers.

True that. But you can deny it once, twice, maybe three times, then it becomes obvious.

As said before, the use of laundry services impedes traceability - for both, honest ppl and thieves. Crackers do not need to invent sophisticated mechanisms to hide their tracks, they're already available.

^ Let's say I like marijuana and I want to buy some from Silk Road. I use a scrambling service to make the bitcoins non-linkable to my exchange account. What on earth is wrong with that?

I honestly think you're missing the bigger picture. Thieves will always exist no matter how much every honest person limits him or herself. We're not mitigating theft by doing this, we're just making life harder for ourselves, the honest ones. If you're willing to sacrifice your privacy to achieve some goal, good for you. I respect that. But I think it becomes problematic when we request that others do what we feel is right, just because we feel it's right.

^ Let's say I like marijuana and I want to buy some from Silk Road. I use a scrambling service to make the bitcoins non-linkable to my exchange account. What on earth is wrong with that?

Nothing. Never said its wrong, just that you can not have anonymity for Joe and traceability against the thief at the same time.

Quote

I honestly think you're missing the bigger picture. Thieves will always exist no matter how much every honest person limits him or herself. We're not mitigating theft by doing this, we're just making life harder for ourselves, the honest ones. If you're willing to sacrifice your privacy to achieve some goal, good for you. I respect that. But I think it becomes problematic when we request that others do what we feel is right, just because we feel it's right.

In an ideal world you would be right, but as you depict, the real one is different. This is how I see the big picture: ask yourself how often you would use your credit card for online payments, if it was neither reversible nor traceable?

So far, we basically do not have a dissent. But I disagree with your last sentence. I feel there is a misinterpretation of freedom as anarchy in that statement. Freedom does not mean no rules, free beer, and anyone is allowed to do what he wants, right? There are reasons why speed limits exist, even if some feel restricted in their personal freedom. And guess what, there for sure are solid reasons why our society tries to hinder people taking drugs. Freedom is good, and as such is what society is constantly increasing in its evolution (you might disagree, but the world had never seen more cumulated freedom than today).

So to close the loop: if we or they or some majority decides that it is bad for Bitcoin to use laundry services, I won't use them. Even if I feel restricted in my personal freedom, all that counts is the overall cumulative freedom and satisfaction of the community.

Here I don't see the point. If one did those 900 transactions to new addresses, they are still visible and traceable from the blockchain. One could even set up some ping-pong or loop transaction scheme to move the BTCs between new addresses many times, but in the very end the BTCs need to be spent and as soon as the thief does a payment to someone checking the black-list, bad guy is bust.

This requires the black-list to be updated with each block and might turn out difficult to handle (DoS by spreading 100 stolen coins to 1 million addresses). Is this what your 10% sacrifice is meant for?

Once a transaction makes it's way to more, then it becomes harder with each iteration. Who's to say that the next person (or three or eight) knows that they're stolen? As far as they know, they receive coins (or perhaps purchased/traded them) from legit means, not knowing they're stolen.. would you blame each one? I'd guess that once it reaches 10 iterations, it's all but lost.

So to close the loop: if we or they or some majority decides that it is bad for Bitcoin to use laundry services, I won't use them. Even if I feel restricted in my personal freedom, all that counts is the overall cumulative freedom and satisfaction of the community.

And that's what it all comes down to, in my opinion. You are free to follow that advice, while others are free to not. If we were to impose this on non-consenting Bitcoin users, a technology would simply pop up that circumvents it.

My original point was never about the law and whether it is fair or effective or not. My point was simply that giving up personal freedom in the name of public good simply does not work in the long run. We might benefit from it in the short run, but it doesn't solve the fundamental problem that made us give up the freedom in the first place (theft, terrorism, etc.).

But why was the pool operator even keeping the miners reward? Couldn't he pay his miners immediately from the generation transaction, with a send to many?

...

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

But why was the pool operator even keeping the miners reward? Couldn't he pay his miners immediately from the generation transaction, with a send to many?

...

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

I'd think the big ones might want to avoid a bunch of .000004 sends, since they have so many miners and such frequent blocks, but the smaller ought put payments right in the generate since they have less trust and the payments would tend to be larger and fewer I'd think.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.

I'd think the big ones might want to avoid a bunch of .000004 sends, since they have so many miners and such frequent blocks,

Well, if they are sending frequent transactions with all these .000004 spends, it would be the same, wouldn't it?

Otherwise, if they don't want to create huge transactions so frequently, they can aggregate. At each block they pay 10% of their miners, for ex. The math might get complicated, but it should be possible.

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

As a miner I would prefer that the pool sends the generated coins to itself and pays me in mature coins. That way I don't have to wait for 120 blocks before I can spend the coins.

Before posting the question I decided to take a look in the blockchain.info... and even deepbit and Slush are attributing the generation coins to a single address, possibly to transfer them after the 120 blocks maturation period. Why? This is risky... Just send them immediately to the miners.

As a miner I would prefer that the pool sends the generated coins to itself and pays me in mature coins. That way I don't have to wait for 120 blocks before I can spend the coins.

It doesn't make sense. You'll have to wait anyway. Either you wait with the money in your wallet, or you wait with it in the wallet of the pool operator. I find the former more secure.

It's true that pool operators could also be eWallets, protecting the coins of miners that do not feel safe to do it themselves. But I assume miners to be fairly technical people who don' t really need an eWallet.

While the Bitcoin technology can support strong anonymity, the current implementation is usually not very anonymous.

Fact is: with the current implementation you must add additional efforts and precautions to stay anonymous. Watch the talk and understand: since the blockchain is eternal during Bitcoin's existence, you can just sit and wait until the target person makes one single mistake to loose his carefully built up anonymity.